Microsoft names 2 alleged leaders of Zeus botnet rings

Microsoft has named two Ukrainian men its says are among the leaders of Zeus botnets responsible for $500 million in online crimes, and will refer its case to the FBI for review.

The company’s Digital Crimes Unit, which disabled the botnets in March in raids conducted with the U.S. Marshals Service, named Yevhen Kulibaba and Yuriy Konovalenko in an amended complaint filed in the U.S. District Court for the Eastern District of New York.

Kulibaba and Konovalenko, two of 39 “John Doe” defendants Microsoft filed charges against after the raids, currently are serving jail sentences in the U.K. for Zeus-related crimes. Microsoft has yet to identify the other defendants, according to a company blog post by Richard Domingues Boscovich, senior attorney for the Digital Crimes Unit.

Zeus, a Trojan malware kit often used for stealing banking information in attacks that seek to transfer money from a victim’s account, has been around since at least 2005 and variants of it have been employed by quite a few criminal operations.

In 2010, for instance, the FBI and law enforcement officials in the U.K., Europe and Ukraine, took down a Zeus botnet ring that allegedly tried to steal $220 million — and managed to get $70 million — from U.S. banks. The FBI filed charges against 92 people and made 39 arrests.

But Zeus has continued to turn up in the systems of financial institutions. Most recently a new variant was found being used in automated attacks in Europe, the United States and Colombia that were attempting to steal anywhere from $78 million to $2 billion.

Microsoft, after its raids in March, when it confiscated command-and-control servers in Scranton, Pa. and Lombard, Ill., described those botnet rings as “some of the worst.”

“The goal of this operation was not to entirely take out all of the botnets running on Zeus-based malware,” Boscovich wrote in his blog post. The goal, he wrote, is to “protect innocent people by disrupting the Zeus business model and increasing the cost of doing business for cybercriminals.”

On that front, Microsoft, its financial industry partners and Kyrus Tech, are making progress, he said. NACHA – The Electronic Payments Association, Microsoft’s co- plaintiff in the complaint, has seen a 90 percent reduction in phishing e-mails claiming to be from NACHA, Boscovich said.

And the overall rate of observed Zeus infections worldwide also have declined since the March raids, he said, falling from 779,816 between March 25-31 to 336,393 between June 17-23.

Microsoft’s Digital Crimes Unit is a relatively new arm of the company, but it has made some waves on the cyber crime front, leading a takedown in 2011 of the Rustock botnet, which had infected more than 1.5 million computers worldwide, breaking up the Kelihos and Walladec botnets.